1. Technical Field
The present invention relates to a remote access method in which an operational computer on an intranet is connected to a target computer on the same or the other intranet via a router and/or a firewall over the Internet to perform a secure operation. Further, the present invention relates to a remote access method in which an invalid user is prevented from logging in to the target computer when the operational computer is connected to the target computer over the network.
2. Related Art
Conventionally, IPsec and SSL-VPN are utilized as a remote access method for a connection via a router and/or a firewall. According to IPsec, an operation is made in a manner in which an intranet is virtually excluded from the intranet. Accordingly, there is an information management problem in which a file on the intranet is taken out of the intranet. On the other hand, in a case of SSL-VPN, it is only Web applications that can be used. Therefore, there is a problem that all applications operable on a target computer on an intranet cannot be utilized from an outside of the intranet (see Patent Document 1).
In addition, as concern about security in business fields grows over a remote access method between computers, a technique of server based computing (SBC) becomes widely utilized, in which an operational computer and a target computer are mutually connected over a network to achieve secure business operations. SBC is characterized in that, generally, a large number of operational computers is connected to a small number of target computers, that a different user authentication information is input from each operational computer to login to a target computer, and that a specific application such as a terminal service on a small number of the target computers is shared among a large number of people.
However, when a target computer connected over a network is remotely accessed from an operational computer, for example, by utilizing IPsec-VPN or SSL-VPN, there is a problem in which it is possible to perform logging in with authentication information on some other user in “spoofing” the user.
[Patent Document 1] JP-A-2001-273211
An object is to securely perform all operations available on an intranet from an outside of the intranet without taking out a file on the intranet from the intranet.
An other object of the present invention is to prevent an invalid user from performing logging in “spoofing” the other user when a target computer is accessed from an operational computer.